diff --git a/packages/core/basic/src/utils/util.id.ts b/packages/core/basic/src/utils/util.id.ts
index ca00030c..977deb30 100644
--- a/packages/core/basic/src/utils/util.id.ts
+++ b/packages/core/basic/src/utils/util.id.ts
@@ -1,3 +1,4 @@
 import { customAlphabet } from 'nanoid';
 
+export const randomNumber = customAlphabet('1234567890', 4);
 export const simpleNanoId = customAlphabet('1234567890abcdefghijklmopqrstuvwxyz', 12);
diff --git a/packages/core/pipeline/src/service/email.ts b/packages/core/pipeline/src/service/email.ts
index e918e2ab..871a185b 100644
--- a/packages/core/pipeline/src/service/email.ts
+++ b/packages/core/pipeline/src/service/email.ts
@@ -1,5 +1,4 @@
 export type EmailSend = {
-  userId: number;
   subject: string;
   content: string;
   receivers: string[];
diff --git a/packages/libs/lib-server/src/basic/constants.ts b/packages/libs/lib-server/src/basic/constants.ts
index 1bac0592..598004a1 100644
--- a/packages/libs/lib-server/src/basic/constants.ts
+++ b/packages/libs/lib-server/src/basic/constants.ts
@@ -36,6 +36,14 @@ export const Constants = {
       code: 88,
       message: '需要VIP',
     },
+    loginError: {
+      code: 2,
+      message: '登录失败',
+    },
+    codeError: {
+      code: 3,
+      message: '验证码错误',
+    },
     auth: {
       code: 401,
       message: '您还未登录或token已过期',
diff --git a/packages/libs/lib-server/src/basic/exception/code-error-exception.ts b/packages/libs/lib-server/src/basic/exception/code-error-exception.ts
new file mode 100644
index 00000000..cee74052
--- /dev/null
+++ b/packages/libs/lib-server/src/basic/exception/code-error-exception.ts
@@ -0,0 +1,10 @@
+import { Constants } from '../constants.js';
+import { BaseException } from './base-exception.js';
+/**
+ * 验证码异常
+ */
+export class CodeErrorException extends BaseException {
+  constructor(message) {
+    super('CodeErrorException', Constants.res.codeError.code, message ? message : Constants.res.codeError.message);
+  }
+}
diff --git a/packages/libs/lib-server/src/basic/exception/common-exception.ts b/packages/libs/lib-server/src/basic/exception/common-exception.ts
index c9084840..c9f98068 100644
--- a/packages/libs/lib-server/src/basic/exception/common-exception.ts
+++ b/packages/libs/lib-server/src/basic/exception/common-exception.ts
@@ -5,10 +5,6 @@ import { BaseException } from './base-exception.js';
  */
 export class CommonException extends BaseException {
   constructor(message) {
-    super(
-      'CommonException',
-      Constants.res.error.code,
-      message ? message : Constants.res.error.message
-    );
+    super('CommonException', Constants.res.error.code, message ? message : Constants.res.error.message);
   }
 }
diff --git a/packages/libs/lib-server/src/system/settings/service/models.ts b/packages/libs/lib-server/src/system/settings/service/models.ts
index 4cde10c2..7ef22fc5 100644
--- a/packages/libs/lib-server/src/system/settings/service/models.ts
+++ b/packages/libs/lib-server/src/system/settings/service/models.ts
@@ -14,7 +14,14 @@ export class SysPublicSettings extends BaseSettings {
   static __key__ = 'sys.public';
   static __title__ = '系统公共设置';
   static __access__ = 'public';
+
   registerEnabled = false;
+  passwordLoginEnabled = true;
+  usernameRegisterEnabled = false;
+  mobileRegisterEnabled = false;
+  smsLoginEnabled = false;
+  emailRegisterEnabled = false;
+
   limitUserPipelineCount = 0;
   managerOtherUserPipeline = false;
   icpNo?: string;
@@ -35,6 +42,14 @@ export class SysPrivateSettings extends BaseSettings {
   dnsResultOrder? = '';
   commonCnameEnabled?: boolean = true;
 
+  sms?: {
+    type?: string;
+    config?: any;
+  } = {
+    type: 'aliyun',
+    config: {},
+  };
+
   removeSecret() {
     const clone = cloneDeep(this);
     delete clone.jwtKey;
diff --git a/packages/ui/certd-client/src/api/modules/api.basic.ts b/packages/ui/certd-client/src/api/modules/api.basic.ts
index 523abb33..3f251c4e 100644
--- a/packages/ui/certd-client/src/api/modules/api.basic.ts
+++ b/packages/ui/certd-client/src/api/modules/api.basic.ts
@@ -25,6 +25,12 @@ export type PlusInfo = {
 };
 export type SysPublicSetting = {
   registerEnabled?: boolean;
+  usernameRegisterEnabled?: boolean;
+  mobileRegisterEnabled?: boolean;
+  emailRegisterEnabled?: boolean;
+  passwordLoginEnabled?: boolean;
+  smsLoginEnabled?: boolean;
+
   limitUserPipelineCount?: number;
   managerOtherUserPipeline?: boolean;
   icpNo?: string;
@@ -35,6 +41,10 @@ export type SysPrivateSetting = {
   httpsProxy?: string;
   dnsResultOrder?: string;
   commonCnameEnabled?: boolean;
+  sms?: {
+    type?: string;
+    config?: any;
+  };
 };
 export type SysInstallInfo = {
   siteId: string;
@@ -73,3 +83,19 @@ export async function bindUrl(data: any): Promise<any> {
     data
   });
 }
+
+export async function sendSmsCode(data: any): Promise<any> {
+  return await request({
+    url: "/basic/code/sendSmsCode",
+    method: "post",
+    data
+  });
+}
+
+export async function sendEmailCode(data: any): Promise<any> {
+  return await request({
+    url: "/basic/code/sendEmailCode",
+    method: "post",
+    data
+  });
+}
diff --git a/packages/ui/certd-client/src/api/modules/api.user.ts b/packages/ui/certd-client/src/api/modules/api.user.ts
index 6c757fa3..00a016d3 100644
--- a/packages/ui/certd-client/src/api/modules/api.user.ts
+++ b/packages/ui/certd-client/src/api/modules/api.user.ts
@@ -14,6 +14,13 @@ export interface LoginReq {
   password: string;
 }
 
+export interface SmsLoginReq {
+  mobile: string;
+  phoneCode: string;
+  smsCode: string;
+  randomStr: string;
+}
+
 export interface UserInfoRes {
   id: string | number;
   username: string;
@@ -52,6 +59,15 @@ export async function login(data: LoginReq): Promise<LoginRes> {
   });
 }
 
+export async function loginBySms(data: SmsLoginReq): Promise<LoginRes> {
+  //如果开启了登录与权限模块，则真实登录
+  return await request({
+    url: "/loginBySms",
+    method: "post",
+    data
+  });
+}
+
 export async function mine(): Promise<UserInfoRes> {
   if (env.PM_ENABLED === "false") {
     //没有开启权限模块，模拟登录
diff --git a/packages/ui/certd-client/src/store/modules/user.ts b/packages/ui/certd-client/src/store/modules/user.ts
index 21d1566a..25daa6da 100644
--- a/packages/ui/certd-client/src/store/modules/user.ts
+++ b/packages/ui/certd-client/src/store/modules/user.ts
@@ -4,7 +4,7 @@ import router from "../../router";
 import { LocalStorage } from "/src/utils/util.storage";
 // @ts-ignore
 import * as UserApi from "/src/api/modules/api.user";
-import { RegisterReq } from "/src/api/modules/api.user";
+import { RegisterReq, SmsLoginReq } from "/src/api/modules/api.user";
 // @ts-ignore
 import { LoginReq, UserInfoRes } from "/@/api/modules/api.user";
 import { message, Modal, notification } from "ant-design-vue";
@@ -63,15 +63,20 @@ export const useUserStore = defineStore({
     /**
      * @description: login
      */
-    async login(params: LoginReq): Promise<any> {
+    async login(loginType: string, params: LoginReq | SmsLoginReq): Promise<any> {
       try {
-        const data = await UserApi.login(params);
-        const { token, expire } = data;
+        let loginRes: any = null;
+        if (loginType === "sms") {
+          loginRes = await UserApi.loginBySms(params as SmsLoginReq);
+        } else {
+          loginRes = await UserApi.login(params as LoginReq);
+        }
 
+        const { token, expire } = loginRes;
         // save token
         this.setToken(token, expire);
         // get user info
-        return await this.onLoginSuccess(data);
+        return await this.onLoginSuccess(loginRes);
       } catch (error) {
         return null;
       }
diff --git a/packages/ui/certd-client/src/style/common.less b/packages/ui/certd-client/src/style/common.less
index ad936aed..1a86ea69 100644
--- a/packages/ui/certd-client/src/style/common.less
+++ b/packages/ui/certd-client/src/style/common.less
@@ -246,7 +246,8 @@ h1, h2, h3, h4, h5, h6 {
 .helper {
   color: #aeaeae;
   font-size: 12px;
-
+  margin-top:3px;
+  margin-bottom:3px;
   &.error{
     color: #ff4d4f;
   }
diff --git a/packages/ui/certd-client/src/views/framework/login/index.vue b/packages/ui/certd-client/src/views/framework/login/index.vue
index 5a0cb263..794f6556 100644
--- a/packages/ui/certd-client/src/views/framework/login/index.vue
+++ b/packages/ui/certd-client/src/views/framework/login/index.vue
@@ -5,71 +5,68 @@
       class="user-layout-login"
       name="custom-validation"
       :model="formState"
-      :rules="rules"
       v-bind="layout"
       @finish="handleFinish"
       @finish-failed="handleFinishFailed"
     >
       <!--      <div class="login-title">登录</div>-->
-      <a-tabs :active-key="formState.loginType" :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
-        <a-tab-pane key="password" tab="用户名密码登录">
-          <a-alert v-if="isLoginError" type="error" show-icon style="margin-bottom: 24px" message="用户名或密码错误" />
-
-          <!--      <div class="login-title">登录</div>-->
-          <a-form-item required has-feedback name="username">
-            <a-input v-model:value="formState.username" placeholder="请输入用户名" size="large" autocomplete="off">
-              <template #prefix>
-                <span class="iconify" data-icon="ion:phone-portrait-outline" data-inline="false"></span>
-              </template>
-            </a-input>
-          </a-form-item>
-          <a-form-item has-feedback name="password">
-            <a-input-password v-model:value="formState.password" placeholder="请输入密码" size="large" autocomplete="off">
-              <template #prefix>
-                <span class="iconify" data-icon="ion:lock-closed-outline" data-inline="false"></span>
-              </template>
-            </a-input-password>
-          </a-form-item>
+      <a-tabs v-model:active-key="formState.loginType" :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
+        <a-tab-pane key="password" tab="密码登录" :disabled="sysPublicSettings.passwordLoginEnabled !== true">
+          <template v-if="formState.loginType === 'password'">
+            <!--      <div class="login-title">登录</div>-->
+            <a-form-item required has-feedback name="username" :rules="rules.username">
+              <a-input v-model:value="formState.username" placeholder="请输入用户名/邮箱/手机号" autocomplete="off">
+                <template #prefix>
+                  <fs-icon icon="ion:phone-portrait-outline"></fs-icon>
+                </template>
+              </a-input>
+            </a-form-item>
+            <a-form-item has-feedback name="password" :rules="rules.password">
+              <a-input-password v-model:value="formState.password" placeholder="请输入密码" autocomplete="off">
+                <template #prefix>
+                  <fs-icon icon="ion:lock-closed-outline"></fs-icon>
+                </template>
+              </a-input-password>
+            </a-form-item>
+          </template>
         </a-tab-pane>
-        <a-tab-pane key="smsCode" tab="短信验证码登录" :disabled="true" title="暂不支持">
-          <a-form-item required has-feedback name="mobile">
-            <a-input v-model:value="formState.mobile" placeholder="请输入手机号" size="large" autocomplete="off">
-              <template #prefix>
-                <span class="iconify" data-icon="ion:phone-portrait-outline" data-inline="false"></span>
-              </template>
-            </a-input>
-          </a-form-item>
-          <a-form-item has-feedback name="imgCode">
-            <a-row :gutter="16">
-              <a-col class="gutter-row" :span="16">
-                <a-input v-model:value="formState.imgCode" placeholder="请输入图片验证码" size="large" autocomplete="off">
+        <a-tab-pane key="sms" tab="短信验证码登录" :disabled="sysPublicSettings.smsLoginEnabled !== true">
+          <template v-if="formState.loginType === 'sms'">
+            <a-form-item has-feedback name="mobile" :rules="rules.mobile">
+              <a-input v-model:value="formState.mobile" placeholder="请输入手机号" autocomplete="off">
+                <template #prefix>
+                  <fs-icon icon="ion:phone-portrait-outline"></fs-icon>
+                </template>
+              </a-input>
+            </a-form-item>
+            <a-form-item has-feedback name="imgCode">
+              <div class="flex">
+                <a-input v-model:value="formState.imgCode" placeholder="请输入图片验证码" autocomplete="off">
                   <template #prefix>
-                    <span class="iconify" data-icon="ion:image-outline" data-inline="false"></span>
+                    <fs-icon icon="ion:image-outline"></fs-icon>
                   </template>
                 </a-input>
-              </a-col>
-              <a-col class="gutter-row" :span="8">
-                <img class="image-code" :src="imageCodeUrl" @click="resetImageCode" />
-              </a-col>
-            </a-row>
-          </a-form-item>
+                <div class="input-right">
+                  <img class="image-code" :src="imageCodeUrl" @click="resetImageCode" />
+                </div>
+              </div>
+            </a-form-item>
 
-          <a-form-item name="smsCode">
-            <a-row :gutter="16">
-              <a-col class="gutter-row" :span="16">
-                <a-input v-model:value="formState.smsCode" size="large" placeholder="短信验证码">
+            <a-form-item name="smsCode" :rules="rules.smsCode">
+              <div class="flex">
+                <a-input v-model:value="formState.smsCode" placeholder="短信验证码">
                   <template #prefix>
-                    <span class="iconify" data-icon="ion:mail-outline" data-inline="false"></span>
+                    <fs-icon icon="ion:mail-outline"></fs-icon>
                   </template>
                 </a-input>
-              </a-col>
-              <a-col class="gutter-row" :span="8">
-                <a-button class="getCaptcha" tabindex="-1" :disabled="smsSendBtnDisabled" @click="sendSmsCode">
-                  {{ smsTime <= 0 ? "发送" : smsTime + " s" }}
-                </a-button>
-              </a-col>
-            </a-row>
-          </a-form-item>
+                <div class="input-right">
+                  <a-button class="getCaptcha" type="primary" tabindex="-1" :disabled="smsSendBtnDisabled" @click="sendSmsCode">
+                    {{ smsTime <= 0 ? "发送" : smsTime + " s" }}
+                  </a-button>
+                </div>
+              </div>
+            </a-form-item>
+          </template>
         </a-tab-pane>
       </a-tabs>
       <a-form-item>
@@ -87,6 +84,9 @@ import { defineComponent, reactive, ref, toRaw, computed } from "vue";
 import { useUserStore } from "/src/store/modules/user";
 import { useSettingStore } from "/@/store/modules/settings";
 import { utils } from "@fast-crud/fast-crud";
+import * as api from "/src/api/modules/api.basic";
+import { nanoid } from "nanoid";
+import { notification } from "ant-design-vue";
 export default defineComponent({
   name: "LoginPage",
   setup() {
@@ -96,39 +96,37 @@ export default defineComponent({
     const formRef = ref();
     const formState = reactive({
       username: "",
+      phoneCode: "86",
       mobile: "",
       password: "",
       loginType: "password", //password
       imgCode: "",
-      smsCode: ""
+      smsCode: "",
+      randomStr: ""
     });
 
     const rules = {
       mobile: [
         {
           required: true,
-          trigger: "change",
-          message: "请输入登录手机号"
+          message: "请输入手机号"
         }
       ],
       username: [
         {
           required: true,
-          trigger: "change",
           message: "请输入用户名"
         }
       ],
       password: [
         {
           required: true,
-          trigger: "change",
           message: "请输入登录密码"
         }
       ],
       smsCode: [
         {
           required: true,
-          trigger: "change",
           message: "请输入短信验证码"
         }
       ]
@@ -146,7 +144,8 @@ export default defineComponent({
       utils.logger.log(values, formState);
       loading.value = true;
       try {
-        const userInfo = await userStore.login(toRaw(formState));
+        const loginType = formState.loginType;
+        await userStore.login(loginType, toRaw(formState));
       } finally {
         loading.value = false;
       }
@@ -164,8 +163,9 @@ export default defineComponent({
 
     const imageCodeUrl = ref();
     function resetImageCode() {
-      let url = "/basic/code";
-      imageCodeUrl.value = url + "?t=" + new Date().getTime();
+      formState.randomStr = nanoid(10);
+      let url = "/api/basic/code/captcha";
+      imageCodeUrl.value = url + "?randomStr=" + formState.randomStr;
     }
     resetImageCode();
 
@@ -176,8 +176,25 @@ export default defineComponent({
       }
       return !!formState.smsCode;
     });
-    function sendSmsCode() {
-      //api.sendSmsCode();
+    async function sendSmsCode() {
+      if (!formState.mobile) {
+        notification.error({ message: "请输入手机号" });
+        return;
+      }
+      if (!formState.imgCode) {
+        notification.error({ message: "请输入图片验证码" });
+        return;
+      }
+      await api.sendSmsCode({
+        phoneCode: formState.phoneCode,
+        mobile: formState.mobile,
+        imgCode: formState.imgCode,
+        randomStr: formState.randomStr
+      });
+      smsTime.value = 60;
+      setInterval(() => {
+        smsTime.value--;
+      }, 1000);
     }
     const sysPublicSettings = settingStore.getSysPublic;
     return {
@@ -207,9 +224,9 @@ export default defineComponent({
   //margin: 20px !important;
   margin-bottom: 100px;
   .user-layout-login {
-    label {
-      font-size: 14px;
-    }
+    //label {
+    //  font-size: 14px;
+    //}
 
     .login-title {
       color: @primary-color;
@@ -220,9 +237,15 @@ export default defineComponent({
     .getCaptcha {
       display: block;
       width: 100%;
-      height: 40px;
     }
 
+    .image-code {
+      height: 34px;
+    }
+    .input-right {
+      width: 160px;
+      margin-left: 10px;
+    }
     .forge-password {
       font-size: 14px;
     }
@@ -230,7 +253,6 @@ export default defineComponent({
     button.login-button {
       padding: 0 15px;
       font-size: 16px;
-      height: 40px;
       width: 100%;
     }
 
@@ -238,7 +260,7 @@ export default defineComponent({
       text-align: left;
       margin-top: 30px;
       margin-bottom: 30px;
-      line-height: 22px;
+      //line-height: 22px;
 
       .item-icon {
         font-size: 24px;
@@ -257,8 +279,17 @@ export default defineComponent({
         float: right;
       }
     }
-    .iconify {
+    .fs-icon {
       color: rgba(0, 0, 0, 0.45);
+      margin-right: 4px;
+    }
+    .ant-input-affix-wrapper {
+      line-height: 1.8 !important;
+      font-size: 14px !important;
+      > * {
+        line-height: 1.8 !important;
+        font-size: 14px !important;
+      }
     }
   }
 }
diff --git a/packages/ui/certd-client/src/views/framework/register/index.vue b/packages/ui/certd-client/src/views/framework/register/index.vue
index 77159039..babdd286 100644
--- a/packages/ui/certd-client/src/views/framework/register/index.vue
+++ b/packages/ui/certd-client/src/views/framework/register/index.vue
@@ -11,16 +11,63 @@
       @finish="handleFinish"
       @finish-failed="handleFinishFailed"
     >
-      <a-tabs :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
-        <a-tab-pane key="register" tab="用户注册"> </a-tab-pane>
-      </a-tabs>
-      <a-form-item required has-feedback name="username" label="用户名">
-        <a-input v-model:value="formState.username" placeholder="用户名" size="large" autocomplete="off">
-          <template #prefix>
-            <span class="iconify" data-icon="ion:person" data-inline="false"></span>
+      <a-tabs v-model:value="registerType" :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
+        <a-tab-pane key="username" tab="用户名注册">
+          <template v-if="registerType === 'username'">
+            <a-form-item required has-feedback name="username" label="用户名">
+              <a-input v-model:value="formState.username" placeholder="用户名" size="large" autocomplete="off">
+                <template #prefix>
+                  <span class="iconify" data-icon="ion:person" data-inline="false"></span>
+                </template>
+              </a-input>
+            </a-form-item>
           </template>
-        </a-input>
-      </a-form-item>
+        </a-tab-pane>
+        <a-tab-pane key="email" tab="邮箱注册">
+          <template v-if="registerType === 'email'">
+            <a-form-item required has-feedback name="email" label="邮箱">
+              <a-input v-model:value="formState.email" placeholder="邮箱" size="large" autocomplete="off">
+                <template #prefix>
+                  <span class="iconify" data-icon="ion:person" data-inline="false"></span>
+                </template>
+              </a-input>
+            </a-form-item>
+
+            <a-form-item has-feedback name="imgCode">
+              <a-row :gutter="16">
+                <a-col class="gutter-row" :span="16">
+                  <a-input v-model:value="formState.imgCode" placeholder="请输入图片验证码" size="large" autocomplete="off">
+                    <template #prefix>
+                      <span class="iconify" data-icon="ion:image-outline" data-inline="false"></span>
+                    </template>
+                  </a-input>
+                </a-col>
+                <a-col class="gutter-row" :span="8">
+                  <img class="image-code" :src="imageCodeUrl" @click="resetImageCode" />
+                </a-col>
+              </a-row>
+            </a-form-item>
+
+            <a-form-item name="smsCode">
+              <a-row :gutter="16">
+                <a-col class="gutter-row" :span="16">
+                  <a-input v-model:value="formState.validateCode" size="large" placeholder="邮箱验证码">
+                    <template #prefix>
+                      <span class="iconify" data-icon="ion:mail-outline" data-inline="false"></span>
+                    </template>
+                  </a-input>
+                </a-col>
+                <a-col class="gutter-row" :span="8">
+                  <a-button class="getCaptcha" tabindex="-1" :disabled="smsSendBtnDisabled" @click="sendSmsCode">
+                    {{ smsTime <= 0 ? "发送" : smsTime + " s" }}
+                  </a-button>
+                </a-col>
+              </a-row>
+            </a-form-item>
+          </template>
+        </a-tab-pane>
+      </a-tabs>
+
       <a-form-item has-feedback name="password" label="密码">
         <a-input-password v-model:value="formState.password" placeholder="密码" size="large" autocomplete="off">
           <template #prefix>
@@ -35,7 +82,6 @@
           </template>
         </a-input-password>
       </a-form-item>
-
       <a-form-item>
         <a-button type="primary" size="large" html-type="submit" class="login-button">注册</a-button>
       </a-form-item>
@@ -53,9 +99,13 @@ import { utils } from "@fast-crud/fast-crud";
 export default defineComponent({
   name: "RegisterPage",
   setup() {
+    const registerType = ref("email");
     const userStore = useUserStore();
     const formRef = ref();
     const formState: any = reactive({
+      mobile: "",
+      phoneCode: "",
+      email: "",
       username: "",
       password: "",
       confirmPassword: ""
@@ -69,6 +119,13 @@ export default defineComponent({
           message: "请输入用户名"
         }
       ],
+      email: [
+        {
+          required: true,
+          trigger: "change",
+          message: "请输入邮箱"
+        }
+      ],
       password: [
         {
           required: true,
@@ -110,14 +167,24 @@ export default defineComponent({
       formRef.value.resetFields();
     };
 
+    const imageCodeUrl = ref();
+    function resetImageCode() {
+      let url = "/basic/code";
+      imageCodeUrl.value = url + "?t=" + new Date().getTime();
+    }
+    resetImageCode();
+
     return {
+      resetImageCode,
+      imageCodeUrl,
       formState,
       formRef,
       rules,
       layout,
       handleFinishFailed,
       handleFinish,
-      resetForm
+      resetForm,
+      registerType
     };
   }
 });
diff --git a/packages/ui/certd-client/src/views/sys/settings/index.vue b/packages/ui/certd-client/src/views/sys/settings/index.vue
index 4b300fa6..c7389e81 100644
--- a/packages/ui/certd-client/src/views/sys/settings/index.vue
+++ b/packages/ui/certd-client/src/views/sys/settings/index.vue
@@ -1,162 +1,29 @@
 <template>
   <fs-page class="page-sys-settings">
-    <template #header>
-      <div class="title">系统设置</div>
-    </template>
-    <div class="sys-settings-form settings-form">
-      <a-form
-        :model="formState"
-        name="basic"
-        :label-col="{ span: 8 }"
-        :wrapper-col="{ span: 16 }"
-        autocomplete="off"
-        @finish="onFinish"
-        @finish-failed="onFinishFailed"
-      >
-        <a-form-item label="开启自助注册" :name="['public', 'registerEnabled']">
-          <a-switch v-model:checked="formState.public.registerEnabled" />
-        </a-form-item>
-        <a-form-item label="限制用户流水线数量" :name="['public', 'limitUserPipelineCount']">
-          <a-input-number v-model:value="formState.public.limitUserPipelineCount" />
-          <div class="helper">0为不限制</div>
-        </a-form-item>
-        <a-form-item label="管理其他用户流水线" :name="['public', 'managerOtherUserPipeline']">
-          <a-switch v-model:checked="formState.public.managerOtherUserPipeline" />
-        </a-form-item>
-
-        <a-form-item label="ICP备案号" :name="['public', 'icpNo']">
-          <a-input v-model:value="formState.public.icpNo" placeholder="粤ICP备xxxxxxx号" />
-        </a-form-item>
-
-        <a-form-item label="HTTP代理" :name="['private', 'httpProxy']" :rules="urlRules">
-          <a-input v-model:value="formState.private.httpProxy" placeholder="http://192.168.1.2:18010/" />
-          <div class="helper">当某些网站被墙时可以配置</div>
-        </a-form-item>
-
-        <a-form-item label="HTTPS代理" :name="['private', 'httpsProxy']" :rules="urlRules">
-          <div class="flex">
-            <a-input v-model:value="formState.private.httpsProxy" placeholder="http://192.168.1.2:18010/" />
-            <a-button class="ml-5" type="primary" :loading="testProxyLoading" title="保存后，再点击测试" @click="testProxy">测试</a-button>
-          </div>
-          <div class="helper">一般这两个代理填一样的，保存后再测试</div>
-        </a-form-item>
-
-        <a-form-item label="双栈网络" :name="['private', 'dnsResultOrder']">
-          <a-select v-model:value="formState.private.dnsResultOrder">
-            <a-select-option value="verbatim">默认</a-select-option>
-            <a-select-option value="ipv4first">IPV4优先</a-select-option>
-            <a-select-option value="ipv6first">IPV6优先</a-select-option>
-          </a-select>
-          <div class="helper">如果选择IPv6优先，需要在docker-compose.yaml中启用ipv6</div>
-        </a-form-item>
-
-        <a-form-item label="启用公共CNAME服务" :name="['private', 'commonCnameEnabled']">
-          <a-switch v-model:checked="formState.private.commonCnameEnabled" />
-          <div class="helper">
-            是否可以使用公共CNAME服务，如果禁用，且没有设置<router-link to="/sys/cname/provider">自定义CNAME服务</router-link>，则无法使用CNAME代理方式申请证书
-          </div>
-        </a-form-item>
-
-        <a-form-item :wrapper-col="{ offset: 8, span: 16 }">
-          <a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
-        </a-form-item>
-      </a-form>
+    <!--    <template #header>-->
+    <!--      <div class="title">系统设置</div>-->
+    <!--    </template>-->
+    <div class="sys-settings-body">
+      <a-tabs type="card" class="sys-settings-tabs">
+        <a-tab-pane key="site" tab="基本设置">
+          <SettingBase />
+        </a-tab-pane>
+        <a-tab-pane key="register" tab="注册设置">
+          <SettingRegister />
+        </a-tab-pane>
+      </a-tabs>
     </div>
   </fs-page>
 </template>
 
 <script setup lang="tsx">
-import { reactive, ref } from "vue";
-import * as api from "./api";
 import { SysSettings } from "./api";
-import { notification } from "ant-design-vue";
-import { useSettingStore } from "/@/store/modules/settings";
-import { merge } from "lodash-es";
-import { util } from "/@/utils";
-import NotificationSelector from "/src/views/certd/notification/notification-selector/index.vue";
+import SettingBase from "/@/views/sys/settings/tabs/base.vue";
+import SettingRegister from "/@/views/sys/settings/tabs/register.vue";
+
 defineOptions({
   name: "SysSettings"
 });
-
-const formState = reactive<Partial<SysSettings>>({
-  public: {
-    registerEnabled: false,
-    limitUserPipelineCount: 0,
-    managerOtherUserPipeline: false,
-    icpNo: ""
-  },
-  private: {}
-});
-
-const urlRules = ref({
-  type: "url",
-  message: "请输入正确的URL"
-});
-
-async function loadSysSettings() {
-  const data: any = await api.SysSettingsGet();
-  merge(formState, data);
-}
-
-const saveLoading = ref(false);
-loadSysSettings();
-const settingsStore = useSettingStore();
-const onFinish = async (form: any) => {
-  try {
-    saveLoading.value = true;
-    await api.SysSettingsSave(form);
-    await settingsStore.loadSysSettings();
-    notification.success({
-      message: "保存成功"
-    });
-  } finally {
-    saveLoading.value = false;
-  }
-};
-
-const onFinishFailed = (errorInfo: any) => {
-  // console.log("Failed:", errorInfo);
-};
-
-async function stopOtherUserTimer() {
-  await api.stopOtherUserTimer();
-  notification.success({
-    message: "停止成功"
-  });
-}
-
-const testProxyLoading = ref(false);
-async function testProxy() {
-  testProxyLoading.value = true;
-  try {
-    const res = await api.TestProxy();
-    let success = true;
-    if (res.google !== true || res.baidu !== true) {
-      success = false;
-    }
-    const content = () => {
-      return (
-        <div>
-          <div>Google: {res.google === true ? "成功" : util.maxLength(res.google)}</div>
-          <div>Baidu: {res.baidu === true ? "成功" : util.maxLength(res.google)}</div>
-        </div>
-      );
-    };
-    if (!success) {
-      notification.error({
-        message: "测试失败",
-        description: content
-      });
-      return;
-    }
-    notification.success({
-      message: "测试完成",
-      description: content
-    });
-  } finally {
-    testProxyLoading.value = false;
-  }
-}
 </script>
 
 <style lang="less">
@@ -165,5 +32,20 @@ async function testProxy() {
     width: 500px;
     margin: 20px;
   }
+
+  .sys-settings-body {
+    height: 100%;
+    padding-top: 20px;
+    padding-left: 20px;
+    .sys-settings-tabs {
+      height: 100%;
+      display: flex;
+      flex-direction: column;
+      .ant-tabs-content-holder {
+        flex: 1;
+        overflow: auto;
+      }
+    }
+  }
 }
 </style>
diff --git a/packages/ui/certd-client/src/views/sys/settings/tabs/base.vue b/packages/ui/certd-client/src/views/sys/settings/tabs/base.vue
new file mode 100644
index 00000000..f1d24360
--- /dev/null
+++ b/packages/ui/certd-client/src/views/sys/settings/tabs/base.vue
@@ -0,0 +1,145 @@
+<template>
+  <div class="sys-settings-form sys-settings-base">
+    <a-form
+      :model="formState"
+      name="basic"
+      :label-col="{ span: 8 }"
+      :wrapper-col="{ span: 16 }"
+      autocomplete="off"
+      @finish="onFinish"
+      @finish-failed="onFinishFailed"
+    >
+      <a-form-item label="ICP备案号" :name="['public', 'icpNo']">
+        <a-input v-model:value="formState.public.icpNo" placeholder="粤ICP备xxxxxxx号" />
+      </a-form-item>
+
+      <a-form-item label="HTTP代理" :name="['private', 'httpProxy']" :rules="urlRules">
+        <a-input v-model:value="formState.private.httpProxy" placeholder="http://192.168.1.2:18010/" />
+        <div class="helper">当某些网站被墙时可以配置</div>
+      </a-form-item>
+
+      <a-form-item label="HTTPS代理" :name="['private', 'httpsProxy']" :rules="urlRules">
+        <div class="flex">
+          <a-input v-model:value="formState.private.httpsProxy" placeholder="http://192.168.1.2:18010/" />
+          <a-button class="ml-5" type="primary" :loading="testProxyLoading" title="保存后，再点击测试" @click="testProxy">测试</a-button>
+        </div>
+        <div class="helper">一般这两个代理填一样的，保存后再测试</div>
+      </a-form-item>
+
+      <a-form-item label="双栈网络" :name="['private', 'dnsResultOrder']">
+        <a-select v-model:value="formState.private.dnsResultOrder">
+          <a-select-option value="verbatim">默认</a-select-option>
+          <a-select-option value="ipv4first">IPV4优先</a-select-option>
+          <a-select-option value="ipv6first">IPV6优先</a-select-option>
+        </a-select>
+        <div class="helper">如果选择IPv6优先，需要在docker-compose.yaml中启用ipv6</div>
+      </a-form-item>
+
+      <a-form-item label="启用公共CNAME服务" :name="['private', 'commonCnameEnabled']">
+        <a-switch v-model:checked="formState.private.commonCnameEnabled" />
+        <div class="helper">
+          是否可以使用公共CNAME服务，如果禁用，且没有设置<router-link to="/sys/cname/provider">自定义CNAME服务</router-link>，则无法使用CNAME代理方式申请证书
+        </div>
+      </a-form-item>
+
+      <a-form-item :wrapper-col="{ offset: 8, span: 16 }">
+        <a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
+      </a-form-item>
+    </a-form>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { reactive, ref } from "vue";
+import { SysSettings } from "/@/views/sys/settings/api";
+import * as api from "/@/views/sys/settings/api";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/modules/settings";
+import { notification } from "ant-design-vue";
+import { util } from "/@/utils";
+
+defineOptions({
+  name: "SettingBase"
+});
+
+const formState = reactive<Partial<SysSettings>>({
+  public: {
+    icpNo: ""
+  },
+  private: {}
+});
+
+const urlRules = ref({
+  type: "url",
+  message: "请输入正确的URL"
+});
+
+async function loadSysSettings() {
+  const data: any = await api.SysSettingsGet();
+  merge(formState, data);
+}
+
+const saveLoading = ref(false);
+loadSysSettings();
+const settingsStore = useSettingStore();
+const onFinish = async (form: any) => {
+  try {
+    saveLoading.value = true;
+    await api.SysSettingsSave(form);
+    await settingsStore.loadSysSettings();
+    notification.success({
+      message: "保存成功"
+    });
+  } finally {
+    saveLoading.value = false;
+  }
+};
+
+const onFinishFailed = (errorInfo: any) => {
+  // console.log("Failed:", errorInfo);
+};
+
+async function stopOtherUserTimer() {
+  await api.stopOtherUserTimer();
+  notification.success({
+    message: "停止成功"
+  });
+}
+
+const testProxyLoading = ref(false);
+async function testProxy() {
+  testProxyLoading.value = true;
+  try {
+    const res = await api.TestProxy();
+    let success = true;
+    if (res.google !== true || res.baidu !== true) {
+      success = false;
+    }
+    const content = () => {
+      return (
+        <div>
+          <div>Google: {res.google === true ? "成功" : util.maxLength(res.google)}</div>
+          <div>Baidu: {res.baidu === true ? "成功" : util.maxLength(res.google)}</div>
+        </div>
+      );
+    };
+    if (!success) {
+      notification.error({
+        message: "测试失败",
+        description: content
+      });
+      return;
+    }
+    notification.success({
+      message: "测试完成",
+      description: content
+    });
+  } finally {
+    testProxyLoading.value = false;
+  }
+}
+</script>
+<style lang="less">
+.sys-settings-base {
+}
+</style>
diff --git a/packages/ui/certd-client/src/views/sys/settings/tabs/register.vue b/packages/ui/certd-client/src/views/sys/settings/tabs/register.vue
new file mode 100644
index 00000000..07427608
--- /dev/null
+++ b/packages/ui/certd-client/src/views/sys/settings/tabs/register.vue
@@ -0,0 +1,109 @@
+<template>
+  <div class="sys-settings-form sys-settings-register">
+    <a-form :model="formState" name="register" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
+      <a-form-item label="开启自助注册" :name="['public', 'registerEnabled']">
+        <a-switch v-model:checked="formState.public.registerEnabled" />
+      </a-form-item>
+
+      <a-form-item label="限制用户流水线数量" :name="['public', 'limitUserPipelineCount']">
+        <a-input-number v-model:value="formState.public.limitUserPipelineCount" />
+        <div class="helper">0为不限制</div>
+      </a-form-item>
+      <a-form-item label="管理其他用户流水线" :name="['public', 'managerOtherUserPipeline']">
+        <a-switch v-model:checked="formState.public.managerOtherUserPipeline" />
+      </a-form-item>
+
+      <template v-if="formState.public.registerEnabled">
+        <a-form-item label="开启用户名注册" :name="['public', 'usernameRegisterEnabled']">
+          <a-switch v-model:checked="formState.public.usernameRegisterEnabled" />
+        </a-form-item>
+        <a-form-item label="开启邮箱注册" :name="['public', 'emailRegisterEnabled']">
+          <a-switch v-model:checked="formState.public.emailRegisterEnabled" />
+          <div class="helper">需要<router-link to="/sys/settings/email">设置邮箱服务器</router-link></div>
+        </a-form-item>
+        <a-form-item label="开启密码登录" :name="['public', 'passwordLoginEnabled']">
+          <a-switch v-model:checked="formState.public.passwordLoginEnabled" />
+        </a-form-item>
+        <a-form-item label="开启手机号登录、注册" :name="['public', 'smsLoginEnabled']">
+          <a-switch v-model:checked="formState.public.smsLoginEnabled" />
+        </a-form-item>
+        <template v-if="formState.public.smsLoginEnabled">
+          <a-form-item label="短信提供商" :name="['private', 'sms', 'type']">
+            <a-select v-model:value="formState.private.sms.type">
+              <a-select-option value="aliyun">阿里云</a-select-option>
+            </a-select>
+          </a-form-item>
+
+          <a-form-item label="阿里云授权" :name="['private', 'sms', 'config', 'accessId']">
+            <access-selector v-model="formState.private.sms.config.accessId" />
+          </a-form-item>
+
+          <a-form-item label="短信签名" :name="['private', 'sms', 'config', 'signName']">
+            <a-input v-model:value="formState.private.sms.config.signName" />
+          </a-form-item>
+
+          <a-form-item label="验证码模版ID" :name="['private', 'sms', 'config', 'codeTemplateId']">
+            <a-input v-model:value="formState.private.sms.config.codeTemplateId" />
+            <div class="helper">需要配置一个变量为{code}的验证码模版</div>
+          </a-form-item>
+        </template>
+      </template>
+
+      <a-form-item :wrapper-col="{ offset: 8, span: 16 }">
+        <a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
+      </a-form-item>
+    </a-form>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { reactive, ref } from "vue";
+import { SysSettings } from "/@/views/sys/settings/api";
+import * as api from "/@/views/sys/settings/api";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/modules/settings";
+import { notification } from "ant-design-vue";
+import { util } from "/@/utils";
+import AccessSelector from "/@/views/certd/access/access-selector/index.vue";
+
+defineOptions({
+  name: "SettingRegister"
+});
+
+const formState = reactive<Partial<SysSettings>>({
+  public: {
+    registerEnabled: false
+  },
+  private: {
+    sms: {
+      type: "aliyun",
+      config: {}
+    }
+  }
+});
+
+async function loadSysSettings() {
+  const data: any = await api.SysSettingsGet();
+  merge(formState, data);
+}
+
+const saveLoading = ref(false);
+loadSysSettings();
+const settingsStore = useSettingStore();
+const onFinish = async (form: any) => {
+  try {
+    saveLoading.value = true;
+    await api.SysSettingsSave(form);
+    await settingsStore.loadSysSettings();
+    notification.success({
+      message: "保存成功"
+    });
+  } finally {
+    saveLoading.value = false;
+  }
+};
+</script>
+<style lang="less">
+.sys-settings-site {
+}
+</style>
diff --git a/packages/ui/certd-server/src/config/config.default.ts b/packages/ui/certd-server/src/config/config.default.ts
index 26a3435a..c5fa3ff7 100644
--- a/packages/ui/certd-server/src/config/config.default.ts
+++ b/packages/ui/certd-server/src/config/config.default.ts
@@ -4,7 +4,6 @@ import { MidwayConfig } from '@midwayjs/core';
 // import { fileURLToPath } from 'node:url';
 // // const __filename = fileURLToPath(import.meta.url);
 // const __dirname = dirname(fileURLToPath(import.meta.url));
-// eslint-disable-next-line node/no-extraneous-import
 import { FlywayHistory } from '@certd/midway-flyway-js';
 import { UserEntity } from '../modules/sys/authority/entity/user.js';
 import { PipelineEntity } from '../modules/pipeline/entity/pipeline.js';
diff --git a/packages/ui/certd-server/src/controller/basic/code-controller.ts b/packages/ui/certd-server/src/controller/basic/code-controller.ts
index cf88e054..09a90009 100644
--- a/packages/ui/certd-server/src/controller/basic/code-controller.ts
+++ b/packages/ui/certd-server/src/controller/basic/code-controller.ts
@@ -1,14 +1,12 @@
 import { Rule, RuleType } from '@midwayjs/validate';
-import { ALL, Inject } from '@midwayjs/core';
-import { Body } from '@midwayjs/core';
-import { Controller, Post, Provide } from '@midwayjs/core';
-import { BaseController } from '@certd/lib-server';
+import { ALL, Body, Controller, Get, Inject, Post, Provide, Query } from '@midwayjs/core';
+import { BaseController, Constants } from '@certd/lib-server';
 import { CodeService } from '../../modules/basic/service/code-service.js';
 import { EmailService } from '../../modules/basic/service/email-service.js';
-import { Constants } from '@certd/lib-server';
+
 export class SmsCodeReq {
-  @Rule(RuleType.number().required())
-  phoneCode: number;
+  @Rule(RuleType.string().required())
+  phoneCode: string;
 
   @Rule(RuleType.string().required())
   mobile: string;
@@ -16,7 +14,18 @@ export class SmsCodeReq {
   @Rule(RuleType.string().required().max(10))
   randomStr: string;
 
-  @Rule(RuleType.number().required().max(4))
+  @Rule(RuleType.string().required().max(4))
+  imgCode: string;
+}
+
+export class EmailCodeReq {
+  @Rule(RuleType.string().required())
+  email: string;
+
+  @Rule(RuleType.string().required().max(10))
+  randomStr: string;
+
+  @Rule(RuleType.string().required().max(4))
   imgCode: string;
 }
 
@@ -32,21 +41,30 @@ export class BasicController extends BaseController {
   emailService: EmailService;
 
   @Post('/sendSmsCode', { summary: Constants.per.guest })
-  public sendSmsCode(
+  public async sendSmsCode(
     @Body(ALL)
     body: SmsCodeReq
   ) {
+    await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
+    await this.codeService.sendSmsCode(body.phoneCode, body.mobile, body.randomStr);
+    return this.ok(null);
+  }
+
+  @Post('/sendEmailCode', { summary: Constants.per.guest })
+  public async sendEmailCode(
+    @Body(ALL)
+    body: EmailCodeReq
+  ) {
+    await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
+    await this.codeService.sendEmailCode(body.email, body.randomStr);
     // 设置缓存内容
     return this.ok(null);
   }
 
-  @Post('/captcha', { summary: Constants.per.guest })
-  public async getCaptcha(
-    @Body()
-    randomStr
-  ) {
-    console.assert(randomStr < 10, 'randomStr 过长');
+  @Get('/captcha', { summary: Constants.per.guest })
+  public async getCaptcha(@Query('randomStr') randomStr: any) {
     const captcha = await this.codeService.generateCaptcha(randomStr);
-    return this.ok(captcha.data);
+    this.ctx.res.setHeader('Content-Type', 'image/svg+xml');
+    return captcha.data;
   }
 }
diff --git a/packages/ui/certd-server/src/controller/login/login-controller.ts b/packages/ui/certd-server/src/controller/login/login-controller.ts
index 96274c5a..78c69862 100644
--- a/packages/ui/certd-server/src/controller/login/login-controller.ts
+++ b/packages/ui/certd-server/src/controller/login/login-controller.ts
@@ -1,7 +1,7 @@
-import { Body, Controller, Inject, Post, Provide, ALL } from '@midwayjs/core';
+import { ALL, Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
 import { LoginService } from '../../modules/login/service/login-service.js';
-import { BaseController } from '@certd/lib-server';
-import { Constants } from '@certd/lib-server';
+import { BaseController, Constants, SysPublicSettings, SysSettingsService } from '@certd/lib-server';
+import { CodeService } from '../../modules/basic/service/code-service.js';
 
 /**
  */
@@ -10,13 +10,23 @@ import { Constants } from '@certd/lib-server';
 export class LoginController extends BaseController {
   @Inject()
   loginService: LoginService;
+  @Inject()
+  codeService: CodeService;
+
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
   @Post('/login', { summary: Constants.per.guest })
   public async login(
     @Body(ALL)
     user: any
   ) {
-    const token = await this.loginService.login(user);
+    const settings = await this.sysSettingsService.getSetting<SysPublicSettings>(SysPublicSettings);
+    if (settings.passwordLoginEnabled === false) {
+      throw new Error('当前站点已禁止密码登录');
+    }
 
+    const token = await this.loginService.loginByPassword(user);
     this.ctx.cookies.set('token', token.token, {
       maxAge: 1000 * token.expire,
     });
@@ -29,7 +39,17 @@ export class LoginController extends BaseController {
     @Body(ALL)
     body: any
   ) {
-    const token = await this.loginService.loginBySmsCode(body);
+    const settings = await this.sysSettingsService.getSetting<SysPublicSettings>(SysPublicSettings);
+    if (settings.smsLoginEnabled !== true) {
+      throw new Error('当前站点禁止短信验证码登录');
+    }
+
+    const token = await this.loginService.loginBySmsCode({
+      phoneCode: body.phoneCode,
+      mobile: body.mobile,
+      smsCode: body.smsCode,
+      randomStr: body.randomStr,
+    });
 
     this.ctx.cookies.set('token', token.token, {
       maxAge: 1000 * token.expire,
diff --git a/packages/ui/certd-server/src/controller/login/register-controller.ts b/packages/ui/certd-server/src/controller/login/register-controller.ts
index cffe0a14..f5ad112b 100644
--- a/packages/ui/certd-server/src/controller/login/register-controller.ts
+++ b/packages/ui/certd-server/src/controller/login/register-controller.ts
@@ -1,9 +1,20 @@
 import { ALL, Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
-import { BaseController } from '@certd/lib-server';
-import { Constants } from '@certd/lib-server';
-import { UserService } from '../../modules/sys/authority/service/user-service.js';
-import { UserEntity } from '../../modules/sys/authority/entity/user.js';
-import { SysSettingsService } from '@certd/lib-server';
+import { BaseController, Constants, SysSettingsService } from '@certd/lib-server';
+import { RegisterType, UserService } from '../../modules/sys/authority/service/user-service.js';
+import { CodeService } from '../../modules/basic/service/code-service.js';
+
+export type RegisterReq = {
+  type: RegisterType;
+  username: string;
+  password: string;
+  mobile: string;
+  email: string;
+  phoneCode?: string;
+
+  validateCode: string;
+  imageCode: string;
+  randomStr: string;
+};
 
 /**
  */
@@ -12,6 +23,8 @@ import { SysSettingsService } from '@certd/lib-server';
 export class RegisterController extends BaseController {
   @Inject()
   userService: UserService;
+  @Inject()
+  codeService: CodeService;
 
   @Inject()
   sysSettingsService: SysSettingsService;
@@ -19,13 +32,55 @@ export class RegisterController extends BaseController {
   @Post('/register', { summary: Constants.per.guest })
   public async register(
     @Body(ALL)
-    user: UserEntity
+    body: RegisterReq
   ) {
     const sysPublicSettings = await this.sysSettingsService.getPublicSettings();
     if (sysPublicSettings.registerEnabled === false) {
       throw new Error('当前站点已禁止自助注册功能');
     }
-    const newUser = await this.userService.register(user);
-    return this.ok(newUser);
+
+    if (body.type === 'username') {
+      if (sysPublicSettings.usernameRegisterEnabled) {
+        throw new Error('当前站点已禁止用户名注册功能');
+      }
+      const newUser = await this.userService.register(body.type, {
+        username: body.username,
+        password: body.password,
+      } as any);
+      return this.ok(newUser);
+    } else if (body.type === 'mobile') {
+      if (sysPublicSettings.mobileRegisterEnabled) {
+        throw new Error('当前站点已禁止手机号注册功能');
+      }
+      //验证短信验证码
+      await this.codeService.checkSmsCode({
+        mobile: body.mobile,
+        phoneCode: body.phoneCode,
+        smsCode: body.validateCode,
+        randomStr: body.randomStr,
+        throwError: true,
+      });
+      const newUser = await this.userService.register(body.type, {
+        phoneCode: body.phoneCode,
+        mobile: body.mobile,
+        password: body.password,
+      } as any);
+      return this.ok(newUser);
+    } else if (body.type === 'email') {
+      if (sysPublicSettings.emailRegisterEnabled === false) {
+        throw new Error('当前站点已禁止Email注册功能');
+      }
+      this.codeService.checkEmailCode({
+        email: body.email,
+        randomStr: body.randomStr,
+        validateCode: body.validateCode,
+        throwError: true,
+      });
+      const newUser = await this.userService.register(body.type, {
+        email: body.email,
+        password: body.password,
+      } as any);
+      return this.ok(newUser);
+    }
   }
 }
diff --git a/packages/ui/certd-server/src/modules/basic/service/code-service.ts b/packages/ui/certd-server/src/modules/basic/service/code-service.ts
index ab076e8b..e0bf27a8 100644
--- a/packages/ui/certd-server/src/modules/basic/service/code-service.ts
+++ b/packages/ui/certd-server/src/modules/basic/service/code-service.ts
@@ -1,5 +1,12 @@
 import { Inject, Provide } from '@midwayjs/core';
-import { CacheManager } from '@midwayjs/cache';
+import { cache, isDev, randomNumber } from '@certd/basic';
+import { SysSettingsService } from '@certd/lib-server';
+import { SmsServiceFactory } from '../sms/factory.js';
+import { ISmsService } from '../sms/api.js';
+import { CodeErrorException } from '@certd/lib-server/dist/basic/exception/code-error-exception.js';
+import { EmailService } from './email-service.js';
+import { AccessService } from '../../pipeline/service/access-service.js';
+import { AccessSysGetter } from '../../pipeline/service/access-sys-getter.js';
 
 // {data: '<svg.../svg>', text: 'abcd'}
 /**
@@ -7,7 +14,12 @@ import { CacheManager } from '@midwayjs/cache';
 @Provide()
 export class CodeService {
   @Inject()
-  cache: CacheManager; // 依赖注入CacheManager
+  sysSettingsService: SysSettingsService;
+  @Inject()
+  emailService: EmailService;
+
+  @Inject()
+  accessService: AccessService;
 
   /**
    */
@@ -17,41 +29,114 @@ export class CodeService {
     const c = svgCaptcha.create();
     //{data: '<svg.../svg>', text: 'abcd'}
     const imgCode = c.text; // = RandomUtil.randomStr(4, true);
-    await this.cache.set('imgCode:' + randomStr, imgCode, {
+    cache.set('imgCode:' + randomStr, imgCode, {
       ttl: 2 * 60 * 1000, //过期时间 2分钟
     });
     return c;
   }
 
   async getCaptchaText(randomStr) {
-    return await this.cache.get('imgCode:' + randomStr);
+    return cache.get('imgCode:' + randomStr);
   }
 
   async removeCaptcha(randomStr) {
-    await this.cache.del('imgCode:' + randomStr);
+    cache.delete('imgCode:' + randomStr);
   }
 
-  async checkCaptcha(randomStr, userCaptcha) {
+  async checkCaptcha(randomStr: string, userCaptcha: string) {
     const code = await this.getCaptchaText(randomStr);
     if (code == null) {
       throw new Error('验证码已过期');
     }
-    if (code !== userCaptcha) {
+    if (code.toLowerCase() !== userCaptcha.toLowerCase()) {
       throw new Error('验证码不正确');
     }
+    await this.removeCaptcha(randomStr);
     return true;
   }
   /**
    */
-  async sendSms(phoneCode, mobile, smsCode) {
+  async sendSmsCode(phoneCode, mobile, randomStr) {
     console.assert(phoneCode != null && mobile != null, '手机号不能为空');
-    console.assert(smsCode != null, '验证码不能为空');
+    console.assert(randomStr != null, 'randomStr不能为空');
+
+    const sysSettings = await this.sysSettingsService.getPrivateSettings();
+    if (!sysSettings.sms?.config?.accessId) {
+      throw new Error('当前站点还未配置短信');
+    }
+    const smsType = sysSettings.sms.type;
+    const smsConfig = sysSettings.sms.config;
+    const sender: ISmsService = SmsServiceFactory.createSmsService(smsType);
+    const accessGetter = new AccessSysGetter(this.accessService);
+    sender.setCtx({
+      accessService: accessGetter,
+      config: smsConfig,
+    });
+    const smsCode = randomNumber(4);
+    await sender.sendSmsCode({
+      mobile,
+      code: smsCode,
+      phoneCode,
+    });
+
+    const key = this.buildSmsCodeKey(phoneCode, mobile, randomStr);
+    cache.set(key, smsCode, {
+      ttl: 5 * 60 * 1000, //5分钟
+    });
   }
 
   /**
-   * loginBySmsCode
    */
-  async loginBySmsCode(user, smsCode) {
-    console.assert(user.mobile != null, '手机号不能为空');
+  async sendEmailCode(email: string, randomStr: string) {
+    console.assert(!email, '手机号不能为空');
+    console.assert(!randomStr, 'randomStr不能为空');
+
+    const code = randomNumber(4);
+    await this.emailService.send({
+      subject: '【Certd】验证码',
+      content: `您的验证码是${code}，请勿泄露`,
+      receivers: [email],
+    });
+
+    const key = this.buildEmailCodeKey(email, code);
+    cache.set(key, code, {
+      ttl: 5 * 60 * 1000, //5分钟
+    });
+  }
+
+  /**
+   * checkSms
+   */
+  async checkSmsCode(opts: { mobile: string; phoneCode: string; smsCode: string; randomStr: string; throwError: boolean }) {
+    const key = this.buildSmsCodeKey(opts.phoneCode, opts.mobile, opts.randomStr);
+    if (isDev()) {
+      return true;
+    }
+    return this.checkValidateCode(key, opts.smsCode, opts.throwError);
+  }
+
+  buildSmsCodeKey(phoneCode: string, mobile: string, randomStr: string) {
+    return `sms:${phoneCode}${mobile}:${randomStr}`;
+  }
+
+  buildEmailCodeKey(email: string, randomStr: string) {
+    return `email:${email}:${randomStr}`;
+  }
+  checkValidateCode(key: string, userCode: string, throwError = true) {
+    //验证图片验证码
+    const code = cache.get(key);
+    if (code == null || code !== userCode) {
+      if (throwError) {
+        throw new CodeErrorException('验证码错误');
+      }
+      return false;
+    }
+    cache.delete(key);
+    return true;
+  }
+
+  checkEmailCode(opts: { randomStr: string; validateCode: string; email: string; throwError: boolean }) {
+    const key = this.buildEmailCodeKey(opts.email, opts.randomStr);
+    return this.checkValidateCode(key, opts.validateCode, opts.throwError);
   }
 }
diff --git a/packages/ui/certd-server/src/modules/basic/service/email-service.ts b/packages/ui/certd-server/src/modules/basic/service/email-service.ts
index ccfebbb3..e4985680 100644
--- a/packages/ui/certd-server/src/modules/basic/service/email-service.ts
+++ b/packages/ui/certd-server/src/modules/basic/service/email-service.ts
@@ -91,7 +91,6 @@ export class EmailService implements IEmailService {
 
   async test(userId: number, receiver: string) {
     await this.send({
-      userId,
       receivers: [receiver],
       subject: '测试邮件,from certd',
       content: '测试邮件,from certd',
diff --git a/packages/ui/certd-server/src/modules/basic/sms/aliyun-sms.ts b/packages/ui/certd-server/src/modules/basic/sms/aliyun-sms.ts
new file mode 100644
index 00000000..22cb5bda
--- /dev/null
+++ b/packages/ui/certd-server/src/modules/basic/sms/aliyun-sms.ts
@@ -0,0 +1,68 @@
+import { AliyunAccess, AliyunClient } from '@certd/plugin-plus';
+import { logger } from '@certd/basic';
+import { ISmsService, PluginInputs, SmsPluginCtx } from './api.js';
+export type AliyunSmsConfig = {
+  accessId: string;
+  regionId: string;
+  signName: string;
+  codeTemplateId: string;
+};
+
+export class AliyunSmsService implements ISmsService {
+  static getDefine() {
+    return {
+      name: 'aliyun-sms',
+      desc: '阿里云短信服务',
+      input: {
+        accessId: {
+          title: '阿里云授权',
+          component: {
+            name: 'access-selector',
+            from: 'aliyun',
+          },
+          required: true,
+        },
+        regionId: {
+          title: '接入点',
+          required: true,
+        },
+        signName: {
+          title: '签名',
+          required: true,
+        },
+        codeTemplateId: {
+          title: '验证码模板Id',
+          required: true,
+        },
+      } as PluginInputs<AliyunSmsConfig>,
+    };
+  }
+
+  ctx: SmsPluginCtx<AliyunSmsConfig>;
+
+  setCtx(ctx: any) {
+    this.ctx = ctx;
+  }
+
+  async sendSmsCode(opts: { mobile: string; code: string; phoneCode: string }) {
+    const { mobile, code, phoneCode } = opts;
+    const access = await this.ctx.accessService.getById<AliyunAccess>(this.ctx.config.accessId);
+    const aliyunClinet = new AliyunClient({ logger });
+    await aliyunClinet.init({
+      accessKeyId: access.accessKeyId,
+      accessKeySecret: access.accessKeySecret,
+      endpoint: 'https://dysmsapi.aliyuncs.com',
+      apiVersion: '2017-05-25',
+    });
+    const smsConfig = this.ctx.config;
+    const phoneNumber = phoneCode + mobile;
+    const params = {
+      PhoneNumbers: phoneNumber,
+      SignName: smsConfig.signName,
+      TemplateCode: smsConfig.codeTemplateId,
+      TemplateParam: `{"code":"${code}"}`,
+    };
+
+    await aliyunClinet.request('SendSms', params);
+  }
+}
diff --git a/packages/ui/certd-server/src/modules/basic/sms/api.ts b/packages/ui/certd-server/src/modules/basic/sms/api.ts
new file mode 100644
index 00000000..8ff37f00
--- /dev/null
+++ b/packages/ui/certd-server/src/modules/basic/sms/api.ts
@@ -0,0 +1,15 @@
+import { FormItemProps, IAccessService } from '@certd/pipeline';
+
+export interface ISmsService {
+  sendSmsCode(opts: { mobile: string; code: string; phoneCode: string }): Promise<void>;
+  setCtx(ctx: { accessService: IAccessService; config: { [key: string]: any } }): void;
+}
+
+export type PluginInputs<T = any> = {
+  [key in keyof T]: FormItemProps;
+};
+
+export type SmsPluginCtx<T = any> = {
+  accessService: IAccessService;
+  config: T;
+};
diff --git a/packages/ui/certd-server/src/modules/basic/sms/factory.ts b/packages/ui/certd-server/src/modules/basic/sms/factory.ts
new file mode 100644
index 00000000..91fb2d29
--- /dev/null
+++ b/packages/ui/certd-server/src/modules/basic/sms/factory.ts
@@ -0,0 +1,12 @@
+import { AliyunSmsService } from './aliyun-sms.js';
+
+export class SmsServiceFactory {
+  static createSmsService(type: string) {
+    switch (type) {
+      case 'aliyun':
+        return new AliyunSmsService();
+      default:
+        throw new Error('不支持的短信服务类型');
+    }
+  }
+}
diff --git a/packages/ui/certd-server/src/modules/login/service/login-service.ts b/packages/ui/certd-server/src/modules/login/service/login-service.ts
index 24a9fb81..f16eea3c 100644
--- a/packages/ui/certd-server/src/modules/login/service/login-service.ts
+++ b/packages/ui/certd-server/src/modules/login/service/login-service.ts
@@ -8,6 +8,7 @@ import { SysSettingsService } from '@certd/lib-server';
 import { SysPrivateSettings } from '@certd/lib-server';
 import { cache } from '@certd/basic';
 import { LoginErrorException } from '@certd/lib-server/dist/basic/exception/login-error-exception.js';
+import { CodeService } from '../../basic/service/code-service.js';
 
 /**
  * 系统用户
@@ -18,6 +19,9 @@ export class LoginService {
   userService: UserService;
   @Inject()
   roleService: RoleService;
+
+  @Inject()
+  codeService: CodeService;
   @Config('auth.jwt')
   private jwt: any;
 
@@ -68,16 +72,28 @@ export class LoginService {
     throw new LoginErrorException(errorMessage, leftTimes);
   }
 
-  async loginBySmsCode(req: { mobile: string; phoneCode: string; smsChecked: boolean }) {
-    const { mobile, phoneCode, smsChecked } = req;
+  async loginBySmsCode(req: { mobile: string; phoneCode: string; smsCode: string; randomStr: string }) {
+    const smsChecked = await this.codeService.checkSmsCode({
+      mobile: req.mobile,
+      phoneCode: req.phoneCode,
+      smsCode: req.smsCode,
+      randomStr: req.randomStr,
+      throwError: false,
+    });
+
+    const { mobile, phoneCode } = req;
     if (!smsChecked) {
       this.checkErrorTimes(mobile, '验证码错误');
     }
-    const info = await this.userService.findOne({ phoneCode, mobile: mobile });
+    let info = await this.userService.findOne({ phoneCode, mobile: mobile });
     if (info == null) {
-      throw new CommonException('手机号或验证码错误');
+      //用户不存在，注册
+      info = await this.userService.register('mobile', {
+        phoneCode,
+        mobile,
+        password: '',
+      } as any);
     }
-
     return this.onLoginSuccess(info);
   }
 
@@ -94,21 +110,21 @@ export class LoginService {
     return this.onLoginSuccess(info);
   }
 
-  /**
-   * login
-   */
-  async login(user) {
-    console.assert(user.username != null, '用户名不能为空');
-    const info = await this.userService.findOne({ username: user.username });
-    if (info == null) {
-      throw new CommonException('用户名或密码错误');
-    }
-    const right = await this.userService.checkPassword(user.password, info.password, info.passwordVersion);
-    if (!right) {
-      this.checkErrorTimes(user.username, '用户名或密码错误');
-    }
-    return await this.onLoginSuccess(info);
-  }
+  // /**
+  //  * login
+  //  */
+  // async login(user) {
+  //   console.assert(user.username != null, '用户名不能为空');
+  //   const info = await this.userService.findOne({ username: user.username });
+  //   if (info == null) {
+  //     throw new CommonException('用户名或密码错误');
+  //   }
+  //   const right = await this.userService.checkPassword(user.password, info.password, info.passwordVersion);
+  //   if (!right) {
+  //     this.checkErrorTimes(user.username, '用户名或密码错误');
+  //   }
+  //   return await this.onLoginSuccess(info);
+  // }
 
   private async onLoginSuccess(info: UserEntity) {
     if (info.status === 0) {
diff --git a/packages/ui/certd-server/src/modules/pipeline/service/access-sys-getter.ts b/packages/ui/certd-server/src/modules/pipeline/service/access-sys-getter.ts
new file mode 100644
index 00000000..73b2b7c5
--- /dev/null
+++ b/packages/ui/certd-server/src/modules/pipeline/service/access-sys-getter.ts
@@ -0,0 +1,17 @@
+import { IAccessService } from '@certd/pipeline';
+import { AccessService } from './access-service.js';
+
+export class AccessSysGetter implements IAccessService {
+  accessService: AccessService;
+  constructor(accessService: AccessService) {
+    this.accessService = accessService;
+  }
+
+  async getById<T = any>(id: any) {
+    return await this.accessService.getAccessById(id, false);
+  }
+
+  async getCommonById<T = any>(id: any) {
+    return await this.accessService.getAccessById(id, false);
+  }
+}
diff --git a/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts b/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
index 4930fb4d..dc1b512f 100644
--- a/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
+++ b/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
@@ -12,7 +12,9 @@ import bcrypt from 'bcryptjs';
 import { RandomUtil } from '../../../../utils/random.js';
 import dayjs from 'dayjs';
 import { DbAdapter } from '../../../db/index.js';
-import { utils } from '@certd/basic';
+import { simpleNanoId, utils } from '@certd/basic';
+
+export type RegisterType = 'username' | 'mobile' | 'email';
 /**
  * 系统用户
  */
@@ -151,11 +153,36 @@ export class UserService extends BaseService<UserEntity> {
     return await this.roleService.getPermissionByRoleIds(roleIds);
   }
 
-  async register(user: UserEntity) {
+  async register(type: string, user: UserEntity) {
+    if (type !== 'username') {
+      user.username = 'user_' + simpleNanoId();
+      if (!user.password) {
+        user.password = simpleNanoId();
+      }
+    }
+    if (type === 'mobile') {
+      user.nickName = user.mobile.substring(0, 3) + '****' + user.mobile.substring(7);
+    }
+
     const old = await this.findOne({ username: user.username });
     if (old != null) {
-      throw new CommonException('用户名已经存在');
+      throw new CommonException('用户名已被注册');
     }
+
+    if (user.mobile) {
+      const old = await this.findOne({ mobile: user.mobile });
+      if (old != null) {
+        throw new CommonException('手机号已被注册');
+      }
+    }
+
+    if (user.email) {
+      const old = await this.findOne({ email: user.email });
+      if (old != null) {
+        throw new CommonException('邮箱已被注册');
+      }
+    }
+
     let newUser: UserEntity = UserEntity.of({
       username: user.username,
       password: user.password,
@@ -163,7 +190,7 @@ export class UserService extends BaseService<UserEntity> {
       avatar: user.avatar || '',
       email: user.email || '',
       mobile: user.mobile || '',
-      phoneCode: user.phoneCode || '',
+      phoneCode: user.phoneCode || '86',
       status: 1,
       passwordVersion: 2,
     });
diff --git a/packages/ui/certd-server/src/plugins/plugin-notification/email/index.ts b/packages/ui/certd-server/src/plugins/plugin-notification/email/index.ts
index 8bab072b..4f4a6dda 100644
--- a/packages/ui/certd-server/src/plugins/plugin-notification/email/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-notification/email/index.ts
@@ -21,7 +21,6 @@ export class EmailNotification extends BaseNotification {
 
   async send(body: NotificationBody) {
     await this.ctx.emailService.send({
-      userId: body.userId,
       subject: body.title,
       content: body.content + '\n[查看详情](' + body.url + ')',
       receivers: this.receivers,